From cb552aff68b69c5cd8bd12206c6593bf21cecbf9 Mon Sep 17 00:00:00 2001
From: Gary Capell <gary@commsecure.com.au>
Date: Tue, 16 Jan 2007 11:29:48 +1100
Subject: Fix buffer overflow in cvsps if a log message line is longer than
 BUFSIZ

---
 cvs_direct.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cvs_direct.c b/cvs_direct.c
index a5ad67f..caf1dce 100644
--- a/cvs_direct.c
+++ b/cvs_direct.c
@@ -664,6 +664,7 @@ static int refill_buffer(CvsServerCtx * ctx)
 static int read_line(CvsServerCtx * ctx, char * p)
 {
     int len = 0;
+    char *pSentinel = p + BUFSIZ -2;
     while (1)
     {
 	if (ctx->head == ctx->tail)
@@ -672,7 +673,7 @@ static int read_line(CvsServerCtx * ctx, char * p)
 
 	*p = *ctx->head++;
 
-	if (*p == '\n')
+	if (*p == '\n' || p == pSentinel)
 	{
 	    *p = 0;
 	    break;
-- 
cgit v1.2.1